Re: [6man] Stable privacy addresses (upcoming rev)

Ray Hunter <> Fri, 30 March 2012 20:50 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id CB7B921F8642 for <>; Fri, 30 Mar 2012 13:50:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.451
X-Spam-Status: No, score=-2.451 tagged_above=-999 required=5 tests=[AWL=0.147, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id oIznmOetxjDI for <>; Fri, 30 Mar 2012 13:50:49 -0700 (PDT)
Received: from ( [IPv6:2001:470:1f14:62e::2]) by (Postfix) with ESMTP id D195A21F85FD for <>; Fri, 30 Mar 2012 13:50:48 -0700 (PDT)
Received: from localhost (localhost []) by (Postfix) with ESMTP id E17808700E7; Fri, 30 Mar 2012 22:50:46 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 9jV1YxkhTClz; Fri, 30 Mar 2012 22:50:35 +0200 (CEST)
Received: from Rays-iMac.local (unknown []) (Authenticated sender: by (Postfix) with ESMTPA id ADFF9870064; Fri, 30 Mar 2012 22:50:35 +0200 (CEST)
Message-ID: <>
Date: Fri, 30 Mar 2012 22:50:35 +0200
From: Ray Hunter <>
User-Agent: Postbox Express 1.0.1 (Macintosh/20100705)
MIME-Version: 1.0
To: Brian E Carpenter <>
Subject: Re: [6man] Stable privacy addresses (upcoming rev)
References: <> <> <>
In-Reply-To: <>
Content-Type: multipart/alternative; boundary="------------040404070401020705030803"
Cc: Fernando Gont <>, "" <>
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 30 Mar 2012 20:50:49 -0000

Brian E Carpenter wrote:
> Ray,
> On 2012-03-31 02:04, Ray Hunter wrote:
> ...
>> The idea being that authorized persons e.g. law enforcement and network
>> managers SHOULD be able to correlate activity at a later date (for legal
>> compliance, logging, fault finding etc.) whilst an attacker or
>> unauthorized person SHOULD NOT.
> If you were a blogger sitting in an Internet cafe in a country governed
> by a repressive regime, you would probably hold a different view.
>      Brian
Please let's not take this out of context. We're talking about 
obfuscating interface identifiers. If I'm sat in an Internet cafe in a 
repressive regime (and I have visited and worked in various countries 
around the World, including one that fingerprinted me on entry, one that 
took a full body scan capable of looking through clothes, and one which 
is known to operate firewalls and passive monitoring on all 
International links), obfuscating an interface identifier is not going 
to protect my rights. That repressive regime would anyway likely have 
access to a copy of my passport or ID card, my network login 
credentials, the time I entered the Internet cafe, which seat I was sat 
on, a report from my neighbors, details of my phone's SIM card, man in 
the middle HTTPS monitoring, my MAC address, the /64 prefix I was using, 
a key logger running on the ISP host, a camera pointed at the screen  .....

I do not attempt to define "authorized persons" any further than 
providing an example. I express no preference whatsoever on the question 
of whether privacy is desirable or not on this list, nor to what 
standard, nor where the balance lies between rights of the state or 
corporation and the rights of the individual, nor whether particular 
laws are sensible or not.

I'm just trying to comply with local laws when giving advice to 
companies operating in countries where I provide consultancy. And many 
of those local laws include a requirement for corporations to retain a 
log of IP addresses, network communications, and user credentials for 
several months, and to provide access to this information to "authorized 
persons" when necessary, even though they are some of the most liberal 
regimes in the World.